Petya is not ransomware

Russian hybrid war: It’s not so far away

June 27th became a “Black Tuesday” for thousands of people around the world, including in the U.S. They met the Petya virus, a new piece of ransomware, which paralyzed many local networks, including those of crucial services, banks, airports, and state agencies. It looked like the classic ransomware attack that criminals have been pulling for years, but as researchers looked closer, they noticed strange things that pointed to the only plausible ideologist and creator of that chaos: Russia.

It wasn’t the only international cyber-attack organized by Russians recently.

Last year, the democratic election process in the U.S. was targeted by hackers. American intelligence pointed the finger at the Russian government. Many other attacks suspected of Russian involvement took place in France, Germany, Ukraine and other countries. Moscow, of course, still denies everything.

How could researchers arrive at the conclusion that it was Russia?

The latest version of the Petya virus shut down computer systems across Europe, Asia, and North America, hitting government offices and some of the largest corporations in the world. It also infected the Russian oil company Rosneft (as that Kremlin-linked company stated).

The new virus includes clever improvements on WannaCry, the ransomware worm that began attacking Windows systems on May 12, ultimately spreading to 300,000 computers.

Any system hit by the attack immediately stopped functioning, encrypting its hard drive and demanding $300 in bitcoin to unlock it. The attackers asked for a ransom, but they didn’t seem motivated by money. The payment method for the ransomware was strange, relying on a single email address that was shut down almost immediately. At the same time, the virus itself deleted crucial system files, making it impossible to actually decrypt the affected systems. Given how sophisticated the cyber-campaign was, the attackers were after something more than money. What looked like a ransom demand at the beginning now looks like a deliberate campaign of chaos, targeting mostly one country, Ukraine.

Ukraine saw 60 percent of the total infections. Government agencies, the central bank, cellular companies, airports, the metro system, and media outlets stopped functioning at the same time. Attackers specifically targeted Ukraine, with early infections coming from compromised legitimate Ukrainian financial software and from malicious emails. Whoever launched this attack wanted to make sure that Ukraine took the hardest hit.

Technically, it is very difficult to prove who is responsible for global cyber-attacks, but there are not many players who have the relevant motivation.

Moreover, last year the U.S. Intelligence Community found parts of malicious code written by hackers linked to Russian military intelligence (GRU), and that was just one piece of the puzzle.

In 2014, Russia launched a hybrid war against Ukraine, Europe, and the whole West. And in 2015, a more sophisticated cyber-attack brought down a Ukrainian electrical utility, leaving more than 200,000 people without power.

Russia has been denying any act of aggression, including cyber-attacks, but every time its media underscore the chaos and disorder that prevail abroad. The Russian government wants to seem strong, and that kind of activity makes it easier for the Kremlin’s leadership to stay in power.